
CF Ta2

The document outlines various cloud computing services, including IaaS, PaaS, and SaaS, detailing their management, user controls, and ideal users. It covers AWS Compute Services, focusing on EC2 and Elastic Beanstalk, and emphasizes security measures for AWS accounts and databases, including IAM and compliance strategies. Additionally, it discusses cloud storage types, cost optimization strategies, and best practices for securing databases in the cloud.

Uploaded by

dhananjay

| Feature | IaaS | PaaS | SaaS |
| --- | --- | --- | --- |
| Managed By | Mostly You | You + Provider | Mostly Provider |
| User Controls | App, OS, Runtime | Only App & Data | Only Software Usage |
| Ideal For | IT Admins | Developers | End Users |
| Example | AWS EC2 | AWS Beanstalk | Google Workspace |
**** AWS Compute Services
AWS Compute Services provide the backbone for running applications in the cloud. These services allow you to run code, host applications, and manage containers or virtual servers without having to buy or manage physical servers.
Major AWS Compute Services: Amazon EC2, AWS Lambda, Amazon ECS, Amazon EKS, AWS Fargate, AWS Elastic Beanstalk
What is EC2? Amazon EC2 provides resizable virtual servers (instances) that run applications on the AWS cloud. It offers complete control over your computing environment.
Key Features: Elasticity, Variety of Instance Types, Custom AMIs, Persistent Storage, Security, Networking, Auto Scaling, Load Balancing
EC2 Pricing Models: On-Demand, Reserved Instances, Spot Instances, Savings Plans
**** What is AWS Elastic Beanstalk?
AWS Elastic Beanstalk is a Platform as a Service (PaaS) that makes it easy to deploy and manage applications in the AWS Cloud without worrying about the underlying infrastructure. You just upload your application code, and Elastic Beanstalk automatically handles the deployment, including:
- Capacity provisioning (EC2 instances)
- Load balancing
- Auto scaling
- Monitoring
- Health checks
Supported Platforms/Languages: Java, .NET, PHP, Node.js, Python, Ruby, Go, Docker
Key Features:
- Fully managed environment
- Uses AWS services like EC2, S3, CloudWatch, ELB, Auto Scaling
- Supports application versioning and rollback
- Allows full control if needed via EC2, S3, etc.
Main Benefits of Elastic Beanstalk: Easy Deployment (just upload your code), Managed Infrastructure, Auto Scaling, Monitoring & Health Checks, Customizability, Quick Rollbacks, Cost-Efficient, CI/CD Integration
**** Steps to Secure AWS Accounts & Ensure Compliance
1. Enable Multi-Factor Authentication (MFA)
   - Enable MFA for root user and all IAM users.
   - Use hardware or virtual MFA devices (e.g., Google Authenticator).
2. Use IAM Roles & Least Privilege Access
   - Avoid using the root account for daily tasks.
   - Create IAM users/roles with minimum required permissions.
   - Regularly review and audit policies.
3. Set Up Strong Password Policies
   - Define password complexity, expiration, reuse policies using IAM.
   - Enforce rotation of access keys.
4. Enable AWS CloudTrail
   - Tracks API calls and user activities.
   - Essential for auditing, investigation, and compliance.
5. Use AWS Config
   - Continuously monitors and records resource configurations.
   - Helps detect non-compliant configurations.
6. Enable AWS GuardDuty
   - Provides intelligent threat detection (e.g., IP anomalies, credential misuse).
   - Monitors VPC flow logs, DNS logs, CloudTrail.
7. Monitor Logs with Amazon CloudWatch
8. Use AWS Organizations and Service Control Policies (SCPs)
   - Manage multiple AWS accounts centrally.
   - Apply policies and restrictions across all accounts.
9. Enable AWS Security Hub
   - Centralized view of security alerts and compliance status.
   - Integrates with GuardDuty, Macie, Inspector, Config, etc.
10. Perform Regular Audits & Penetration Testing
   - Use AWS Trusted Advisor for security checks.
   - Schedule internal audits, and check for vulnerabilities.
   - Follow AWS penetration testing policy if performing tests.
11. Encrypt Data
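Added example (not part of the original notes): steps 1 to 3 above can be checked offline against the IAM credential report, the per-user CSV that IAM can generate for an account. The sample rows are constructed and use only a subset of the report's columns; the 90-day key age limit is an assumption, and MFA is checked for root and for users that have a console password.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # assumed rotation window; the notes name no number

# Constructed sample rows; a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,not_supported,false,true,2023-02-01T09:00:00+00:00,false,N/A
alice,true,true,true,2025-05-20T08:30:00+00:00,false,N/A
bob,true,false,true,2024-01-10T12:00:00+00:00,true,2025-05-01T12:00:00+00:00
ci-deployer,false,false,true,2025-04-15T00:00:00+00:00,false,N/A
"""


def audit_credential_report(report_csv, now):
    """Return (user, issue) pairs for the account-hardening steps above."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        # Step 1: MFA on root and on every user who can sign in to the console.
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            findings.append((user, "NO_MFA"))
        for slot in ("1", "2"):
            if row.get(f"access_key_{slot}_active") != "true":
                continue
            # Step 2: the root account should not hold API keys at all.
            if is_root:
                findings.append((user, "ROOT_ACCESS_KEY"))
            # Step 3: active keys older than the rotation window.
            rotated = row.get(f"access_key_{slot}_last_rotated", "N/A")
            if rotated in ("N/A", None, ""):
                continue
            age = now - datetime.fromisoformat(rotated)
            if age.days > MAX_KEY_AGE_DAYS:
                findings.append((user, "KEY_TOO_OLD"))
    return findings


if __name__ == "__main__":
    for user, issue in audit_credential_report(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print(f"{user}: {issue}")
```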
**** What is AWS IAM (Identity and Access Management)?
Definition: AWS IAM is a service that allows you to securely control access to AWS services and resources for users and applications.
IAM Core Components:
- Users: Individual accounts for people or applications
- Groups: Collections of IAM users with common permissions
- Policies: JSON documents that define allow/deny rules
- Roles: Identities with specific permissions that can be assumed temporarily
- Federation: Allows SSO from external sources like Google, AD, or SAML
Key IAM Features: Granular Permissions, Fine-Grained Access Control, Temporary Credentials, Integrations
**** Scale and Load Balancing in AWS – Explained
What is Scaling? Scaling in AWS means increasing or decreasing resources (like EC2 instances) to match application demand.
Types of Scaling:
- Vertical Scaling: Increase instance size (e.g., t2.medium → t2.large). Simple but has hardware limits.
- Horizontal Scaling: Add more instances to handle increased load. More fault-tolerant and scalable.
Auto Scaling in AWS: Amazon EC2 Auto Scaling automatically adds/removes EC2 instances based on:
- CPU usage
- Request count
- Custom CloudWatch metrics
Ensures performance and cost-efficiency.
What is Load Balancing? Load balancing distributes incoming traffic across multiple servers to:
- Avoid overload
- Increase fault tolerance
- Maintain high availability
Elastic Load Balancer (ELB): Elastic Load Balancing automatically distributes incoming application traffic across multiple targets (like EC2s) in one or more AZs (Availability Zones).
Types of ELBs:
- Application Load Balancer (ALB)
- Network Load Balancer (NLB)
- Gateway Load Balancer
- Classic Load Balancer (CLB)
Key ELB Features: Health Checks, SSL Termination, Autoscaling Integration, Sticky Sessions (Session Affinity)
What are Cloud Logs? Cloud logs are event records that help track the behavior and performance of services and applications in the cloud. They include:
- Access logs (who accessed what)
- Error logs
- System logs
- Audit trails
Which Service to Use? → Amazon CloudWatch
Amazon CloudWatch Features: CloudWatch Logs, CloudWatch Metrics, Alarms, Dashboards, Log Insights
Unit 2
**** What is a Database Server?
- A Database Server is a dedicated system or service that stores, manages, and serves data to applications or users.
- In cloud computing, this server is hosted and managed on cloud platforms like AWS, Azure, or GCP, providing scalable, secure, and cost-effective access to databases.
Key Characteristics in the Cloud Context: Scalable, Managed, High Availability, Security, Encryption, Pay-as-you-go
Types of Cloud Database Services:
- Relational Databases (SQL): MySQL, PostgreSQL, MariaDB, Oracle, MS SQL. AWS Example: Amazon RDS
- NoSQL Databases: MongoDB, Cassandra, DynamoDB. AWS Example: Amazon DynamoDB
- In-memory Databases: For caching. AWS Example: Amazon ElastiCache (Redis/Memcached)
Applications of Cloud Database Servers: Web Applications, Mobile Apps, Analytics & BI, IoT, AI/ML, ERP & CRM
Example in AWS: Amazon RDS
- Fully managed SQL database service
- Supports automated backups, replication, and scaling
- Used for apps like WordPress, Django, Laravel, Spring Boot
**** File Storage, Block Storage, and Object Storage
File Storage
- Organizes data in files and directories.
- Uses network protocols like NFS (Linux) or SMB (Windows).
- Suitable for legacy applications or file sharing.
- Use Cases: Shared file systems, home directories, collaborative apps.
- Example (AWS): Amazon EFS (Elastic File System).
Block Storage
- Data is stored in fixed-size blocks (e.g., 4KB, 8KB).
- Acts like a raw hard drive for servers (e.g., attached to EC2 instances).
- Ideal for high-performance applications needing fast I/O (e.g., databases).
- Use Cases: Databases, VM disks, high-performance apps.
- Example (AWS): Amazon EBS (Elastic Block Store).
Object Storage
- Data is stored as objects (data + metadata) with unique keys.
- Flat namespace; no folders, data is immutable.
- Highly scalable and ideal for large unstructured data.
- Use Cases: Media storage, backups, static content, big data.
- Example (AWS): Amazon S3 (Simple Storage Service).
**** Cost Optimization in Cloud Databases
Cost optimization in cloud databases refers to strategies and practices designed to reduce the overall cost of cloud database usage while maintaining performance, scalability, and availability. It involves making informed choices regarding resource allocation, usage patterns, and pricing models in order to maximize efficiency and minimize unnecessary spending.
Key Aspects of Cost Optimization in Cloud Databases:
- Choosing the Right Database Service
- Storage Optimization
- Scaling Efficiently
- Choosing the Right Pricing Model
- Optimize Database Operations
- Use Multi-AZ and Read Replicas Wisely
- Monitor and Review Usage Regularly
- Database Backups and Retention

✅ Key Differences Between DAS, NAS, and SAN

| Feature | DAS (Direct-Attached Storage) | NAS (Network-Attached Storage) | SAN (Storage Area Network) |
| --- | --- | --- | --- |
| Connection Type | Directly connected to a single device | Connected to a network | Connected via dedicated network (e.g., Fibre Channel) |
| Access Protocol | Local file system access (e.g., NTFS) | File-level protocols (e.g., NFS, SMB) | Block-level access (e.g., iSCSI, Fibre Channel) |
| Data Sharing | Limited to one machine | Shared by multiple users and devices | Shared by multiple servers at block level |
| Scalability | Limited to the capacity of the device | Scalable for network file access | Highly scalable for large enterprise environments |
| Performance | High performance for local access | Moderate performance, dependent on network | High performance, low latency, and throughput |
| Cost | Relatively low cost | Moderate cost | High cost due to specialized hardware and network infrastructure |
| Management Complexity | Simple, easy to set up | Moderate complexity, requires network setup | Complex, requires specialized skills for setup and maintenance |

Comparing Key Aspects:

| Feature | On-Premises Storage | Cloud-Based Storage |
| --- | --- | --- |
| Scalability | Limited, requires manual upgrades | Highly scalable, on-demand expansion |
| Flexibility | Less flexible, requires significant reconfiguration | Extremely flexible, multiple storage options |
| Cost-Effectiveness | High initial costs, ongoing maintenance | Pay-as-you-go model, no upfront investment, lower operational costs |

**** What strategies can organizations employ to optimize cloud storage costs when using databases in a cloud environment?
1. Choose the Right Database Type
2. Use Tiered Storage
3. Enable Auto-Scaling
4. Implement Data Lifecycle Policies
5. Compress Data
6. Optimize Backups
7. Clean Up Unused Resources
8. Monitor Storage Usage
9. Reserve Capacity for Predictable Workloads
10. Use Multi-Region Strategically
11. Deduplicate and Normalize Data
12. Review and Optimize Schema Design
**** How to Keep a Database Safe and Secure in the Cloud
1. Encrypt Data (At Rest and In Transit)
   - Encrypt sensitive data stored in the database (at rest).
   - Use SSL/TLS to encrypt data transmitted between applications and the database (in transit).
   - Example: Amazon RDS uses AWS Key Management Service (KMS) for encryption at rest. TLS is used for secure data transfer.
2. Use Identity and Access Management (IAM)
   - Implement role-based access control to limit access to the database.
   - Grant users the least privilege necessary to perform their tasks.
   - Example: AWS IAM allows defining who can access databases and what operations they can perform (read/write/admin). Azure Active Directory (AD) can manage access to Azure SQL Database.
Security Measures and Best Practices for Safeguarding Data in the Cloud
1. Data Encryption
   - At Rest: Encrypt data stored on disks using AES-256.
   - In Transit: Use SSL/TLS to secure data during transmission.
   - Managed Keys or Bring Your Own Key (BYOK) via services like AWS KMS, Azure Key Vault.
2. Identity and Access Management (IAM)
   - Grant least privilege access.
   - Use role-based access controls and MFA (Multi-Factor Authentication).
3. Regular Backups and Disaster Recovery
   - Automate backups and test recovery plans.
   - Use cross-region replication for high availability.
4. Monitoring and Logging
   - Use tools like AWS CloudTrail, Azure Monitor, GCP Operations Suite to track access and changes.
5. Firewalls and Network Isolation
   - Use VPCs, security groups, and network access control lists (ACLs) to isolate resources.
6. Patch Management
   - Keep OS and database software updated to fix vulnerabilities.
   - Managed services handle patching automatically.
7. Compliance and Governance Tools
   - Use tools to enforce policies, auditing, and compliance (e.g., AWS Config, Azure Policy).
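Added example (not part of the original notes): items 1, 3, 5 and 6 above, expressed as checks over records shaped like the RDS DescribeDBInstances output and a security group's ingress rules. The sample records are constructed, and the function names and the list of database ports are assumptions for illustration.

```python
DB_PORTS = {1433, 1521, 3306, 5432}  # MS SQL, Oracle, MySQL/MariaDB, PostgreSQL

# Constructed samples shaped like DBInstances entries (only the fields used).
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-prod", "StorageEncrypted": True,
     "PubliclyAccessible": False, "BackupRetentionPeriod": 7,
     "AutoMinorVersionUpgrade": True},
    {"DBInstanceIdentifier": "legacy-reporting", "StorageEncrypted": False,
     "PubliclyAccessible": True, "BackupRetentionPeriod": 0,
     "AutoMinorVersionUpgrade": False},
]

# Constructed sample shaped like a security group's IpPermissions list.
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3400,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def audit_instance(db):
    """Return the list of best-practice items this instance fails."""
    checks = [
        ("encryption at rest disabled", not db.get("StorageEncrypted", False)),
        ("publicly accessible endpoint", db.get("PubliclyAccessible", False)),
        ("automated backups disabled", db.get("BackupRetentionPeriod", 0) == 0),
        ("minor-version auto patching disabled",
         not db.get("AutoMinorVersionUpgrade", False)),
    ]
    return [issue for issue, failed in checks if failed]


def open_db_ports(ingress_rules):
    """Return database ports reachable from any address, including via port ranges."""
    exposed = set()
    for rule in ingress_rules:
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if not {"0.0.0.0/0", "::/0"} & set(cidrs):
            continue  # rule is limited to specific networks
        if rule.get("IpProtocol") == "-1":  # all protocols, all ports
            exposed |= DB_PORTS
            continue
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        exposed |= {p for p in DB_PORTS if lo <= p <= hi}
    return sorted(exposed)
```

In the sample, the second ingress rule never names a database port, yet its 3000-3400 range still exposes 3306 to the internet.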
